[webkit-changes] [WebKit/WebKit] fca15e: [JSC] delete operator shouldn't perform TDZ checks

Thu, 15 Jun 2023 16:04:16 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: fca15e410aef3a78d5f573612079c4692ac54faa
      
https://github.com/WebKit/WebKit/commit/fca15e410aef3a78d5f573612079c4692ac54faa
  Author: Alexey Shvayka <[email protected]>
  Date:   2023-06-15 (Thu, 15 Jun 2023)

  Changed paths:
    M JSTests/ChakraCore/test/LetConst/tdz1.baseline-jsc
    M JSTests/stress/const-not-strict-mode.js
    M JSTests/stress/lexical-let-not-strict-mode.js
    M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

  Log Message:
  -----------
  [JSC] delete operator shouldn't perform TDZ checks
https://bugs.webkit.org/show_bug.cgi?id=257697
<rdar://problem/110237888>

Reviewed by Yusuke Suzuki.

ReferenceError for an uninitialized binding is being originated in 
GetBindingValue [1], yet delete
operator [2] calls into DeleteBinding instead, which is a no-op [3] in case of 
a lexical binding.

This change removes TDZ check and calls into 
JSSymbolTableObject::deleteProperty() instead,
which does nothing but returning `false` that is being ignored by del_by_id 
opcode in sloppy mode,
precluding a runtime error from being thrown for code like `delete foo; let 
foo`.

As for the strict mode, TDZ check isn't even reached because a SyntaxError is 
thrown for any binding
that could possibly end up being unitialized [4].

In no way this change affects WithStatement since it can't produce a value 
deemed as
uninitialized binding (an empty JSValue).

Aligns JSC with V8 and SpiderMonkey.

[1]: 
https://tc39.es/ecma262/#sec-declarative-environment-records-getbindingvalue-n-s
 (step 2)
[2]: https://tc39.es/ecma262/#sec-delete-operator-runtime-semantics-evaluation 
(step 5.c)
[3]: 
https://tc39.es/ecma262/#sec-declarative-environment-records-deletebinding-n 
(step 2)
[4]: https://tc39.es/ecma262/#sec-delete-operator-static-semantics-early-errors

* JSTests/ChakraCore/test/LetConst/tdz1.baseline-jsc:
* JSTests/stress/const-not-strict-mode.js:
* JSTests/stress/lexical-let-not-strict-mode.js:
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::DeleteResolveNode::emitBytecode):

Canonical link: https://commits.webkit.org/265212@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to